Paperback Computer Forensics: Incident Response Essentials Book

ISBN: 0201707195

ISBN13: 9780201707199

Computer Forensics: Incident Response Essentials

Every computer crime leaves tracks--you just have to know where to find them. This book shows you how to collect and analyze the digital evidence left behind in a digital crime scene. Computers have... This description may be from another edition of this product.


Customer Reviews

5 ratings

Outstanding book on forensics

This is an outstanding book. Well written, very educational. If you're tasked with handling computer security incidents, you'll want to have a copy of this book on your bookshelf. The first chapter is an outstanding quick overview of the entire scope of incident response.

Excellent introduction to the basics

The authors, both of whom have impeccable credentials, have managed to distill a complex subject into a book that can be understood by anyone with intermediate-level computer skills. More importantly, computer forensics is a relatively new subdiscipline of IT security, making this book important in that there are few books on the topic.

I'll start with the beginning and end of the book, each of which is focused on legal aspects of forensics. The book begins by explaining what forensics is, and giving a three-step process that covers the essentials at a high level: (1) acquire evidence, (2) authenticate it, and (3) analyze it. Although this process is presented at a high level, important details, such as the importance of establishing and maintaining a chain of custody, how to collect and document evidence and key issues to consider when presenting the evidence in court are covered. This discussion is picked up again in Chapter 12, Introduction to the Criminal Justice System, in which applicable laws, advice on dealing with law enforcement agencies, and the distinction between criminal and civil cases are discussed. There is sufficient detail and pointers to put sources of information to arm you with the bare essentials.

Between the opening chapter and Chapter 12 described above are chapters devoted to basic techniques and procedures for tracing email, specific operating system issues (the book deals with UNIX and Windows), encryption, codes and compression and other common challenges an investigator will face. The material is not overly technical, and is presented in easy-to-understand prose. Anyone who works as a network or system administrator, provides desktop support, or is an advanced end user will have no problems following the techniques that are presented or the underlying technical details. If you're seeking an advanced text this book will probably disappoint you, although there is sure to be some new trick or fact that you'll learn. For example, I have over 25 years of IT experience and was fascinated by the discussion of steganography (an information hiding technique). There were other chapters that I quickly skimmed because I was well-versed in the subject matter. What I like about the book is the easy approach, which makes it easy to develop the fundamental skills necessary to perform forensics. The few other papers and books on the subject are far more advanced and the learning curve is a barrier. This book will give the new security investigator a foothold in the topic upon which he or she can build. I especially liked the appendices, which provide an excellent framework for incident response. One of the best features is the detailed roles and responsibilities, which are well thought out and reinforce the axiom that security is everyone's business. Another outstanding feature is the flowcharts for various incident types, such as denial of service, hostile code, etc. These can be used verbatim in a security policies

A Much Needed Primer

As a high technology crimes prosecutor in Silicon Valley, this book is just what I've been waiting for. While not an exhaustive treatise on the minutiae of computer systems and forensic tools, the authors provide a comprehensive overview of investigative approaches, tools, and techniques desperately needed in the field. This book should be a must read for investigators (public and private), attorneys, and system administrators, as well as corporate management responsible for overseeing either personnel, or the security of network infrastructure and information assets. Both an excellent primer on the developing field of computer forensics and a good resource from which to launch more in-depth research into a specific area in the field. While many of the previous works in this field proved to be either uninformative cursory overviews or mind-numbing forays into the depths of the arcane, the authors have struck a good balance that makes for an enjoyable and informative read. Not the end all, be all of computer crime investigation, but a damn fine starting point.

Easy to read and understand style applied to complex issues.

As the title indicates, this text is one of the "essentials." When it comes to crimes committed with and by the computer, it is no easy task to train and relate the process. Kruse and Heiser, in clear, no-nonsense language, have relayed the complexities of forensic examination quite well. Computer Forensics is a fundamental guide that takes on the task of describing the process, details and intricacies including the societal and legal aspects (a point often missed by technical writers). This is a must read for technologists familiar with computer and network operations, but unfamiliar with computer crime issues. On the other side of the coin, a user new to this arena will benefit greatly with their start to finish approach in each chapter. This book is perfect for a classroom environment and as a reference work.

Great Computer Forensics and Incident Response guide

This book is an excellent resource for anyone who is responsible for computer incident investigation and response, as well as anyone who performs computer forensic examinations. It describes a sound scientific method of preservation and analysis of computer data evidence, and covers DOS/Windows, Unix-based, and Macintosh systems. In addition, the experience of the authors is shared in describing the presentation of data evidence in court. The flow charts and sample forms help to clarify the methods and techniques of forensic examinations and incident response. This book is an essential addition to the computer professional's library.